QUESTION 1Your company has a single Active Directory domain named intranet.adatum.com. The domain controllers run Windows Server 2008 and the DNS server role. All computers, including non-domain members, dynamically register their DNS records. You need to configure the intranet.adatum.com zone to allow only domain members to dynamically register DNS records.What should you do?

A. Set dynamic updates to Secure Only.B. Remove the Authenticated Users group.C. Enable zone transfers to Name Servers.D. Deny the Everyone group the Create All Child Objects permission.

Answer: A

QUESTION 2Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. A domain controller named DC1 has a standard primary zone for contoso.com. A domain controller named DC2 has a standard secondary zone for contoso.com. You need to ensure that the replication of the contoso.com zone is encrypted. You must not lose any zone data. What should you do?

A. Convert the primary zone into an Active Directory-integrated stub zone. Delete the secondary zone.B. Convert the primary zone into an Active Directory-integrated zone. Delete the secondary zone.C. Configure the zone transfer settings of the standard primary zone. Modify the Master Servers lists on the secondary zone.D. On both servers, modify the interface that the DNS server listens on.

QUESTION 3You are decommissioning domain controllers that hold all forest-wide operations master roles. You need to transfer all forest-wide operations master roles to another domain controller. Which two roles should you transfer? (Each correct answer presents part of the solution. Choose two.)

Answer: AEExplanation:Schema masterDomain naming masterhttp://social.technet.microsoft.com/wiki/contents/articles/832.transferring-fsmo-roles-in-indows-server-2008.aspxTransferring FSMO Roles in Windows Server 2008One of any system administrator duties, would be to upgrade a current domain controller to a new hardware server. One of the crucial steps required to successfully migrate your domain controller, is to be able to successfully transfer the FSMO roles to the new hardware server. FSMO stands for Flexible Single Master Operations, and in a forest there are at least five roles.The five FSMO roles are:Schema MasterDomain Naming MasterInfrastructure MasterRelative ID (RID) MasterPDC EmulatorThe first two roles above are forest-wide, meaning there is one of each for the entire forest. The last three are domain-wide, meaning there is one of each per domain. If there is one domain in your forest, you will have five FSMO roles. If you have three domains in your forest, there will be 11 FSMO roles.

QUESTION 4An Active Directory database is installed on the C volume of a domain controller. You need to move the Active Directory database to a new volume. What should you do?

A. Copy the ntds.dit file to the new volume by using the ROBOCOPY command.B. Move the ntds.dit file to the new volume by using Windows Explorer.C. Move the ntds.dit file to the new volume by running the Move-item command in Microsoft Windows PowerShell.D. Move the ntds.dit file to the new volume by using the Files option in the Ntdsutil utility.

QUESTION 5Contoso, Ltd. has an Active Directory domain named ad.contoso.com. Fabrikam, Inc. has an Active Directory domain named intranet.fabrikam.com. Fabrikam’s security policy prohibits the transfer of internal DNS zone data outside the Fabrikam network. You need to ensure that the Contoso users are able to resolve names from the intranet.fabrikam.com domain.What should you do?

A. Create a new stub zone for the intranet.fabrikam.com domain.B. Configure conditional forwarding for the intranet.fabrikam.com domain.C. Create a standard secondary zone for the intranet.fabrikam.com domain.D. Create an Active DirectoryCintegrated zone for the intranet.fabrikam.com domain.

Answer: BExplanation:Configure conditional forwarding for the intranet.fabrikam.com domain.http://technet.microsoft.com/en-us/library/cc730756.aspxUnderstanding ForwardersA forwarder is a Domain Name System (DNS) server on a network that forwards DNS queries for external DNS names to DNS servers outside that network. You can also forward queries according to specific domain names using conditional forwarders. You designate a DNS server on a network as a forwarder by configuring the other DNS servers in the network to forward the queries that they cannot resolve locally to that DNS server. By using a forwarder, you can manage name resolution for names outside your network, such as names on the Internet, and improve the efficiency of name resolution for the computers in your network.The following figure illustrates how external name queries are directed with forwarders.

QUESTION 6Your company has file servers located in an organizational unit named Payroll. The file servers contain payroll files located in a folder named Payroll. You create a GPO. You need to track which employees access the Payroll files on the file servers. What should you do?

A. Enable the Audit process tracking option. Link the GPO to the Domain Controllers organizational unit. On the file servers, configure Auditing for the Authenticated Users group in the Payroll folder.B. Enable the Audit object access option. Link the GPO to the Payroll organizational unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder.C. Enable the Audit process tracking option. Link the GPO to the Payroll organizational unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder.D. Enable the Audit object access option. Link the GPO to the domain. On the domain controllers, configure Auditing for the Authenticated Users group in the Payroll folder.

QUESTION 7Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do?

A. Configure the certificate for automatic enrollment for the computers that store encrypted files.B. Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.C. Apply the Hisecdc security template to the domain controllers.D. Archive the private key on the server.

QUESTION 8Your company has an Active Directory domain that runs Windows Server 2008 R2. The Sales OU contains an OU for Computers, an OU for Groups, and an OU for Users. You perform nightly backups. An administrator deletes the Groups OU. You need to restore the Groups OU without affecting users and computers in the Sales OU. What should you do?

A. Perform an authoritative restore of the Sales OU.B. Perform a non-authoritative restore of the Sales OU.C. Perform an authoritative restore of the Groups OU.D. Perform a non-authoritative restore of the Groups OU.

Answer: CExplanation:http://technet.microsoft.com/en-us/library/cc816878%28v=ws.10%29.aspxPerforming Authoritative Restore of Active Directory ObjectsAn authoritative restore process returns a designated, deleted Active Directory object or container of objects to its predeletion state at the time when it was backed up. For example, you might have to perform an authoritative restore if an administrator inadvertently deletes an organizational unit (OU) that contains a large number of users. In most cases, there are two parts to the authoritative restore process: a nonauthoritative restore from backup, followed by an authoritative restore of the deleted objects. If you perform a nonauthoritative restore from backup only, the deleted OU is not restored because the restored domain controller is updated after the restore process to the current status of its replication partners, which have deleted the OU. To recover the deleted OU, after you perform nonauthoritative restore from backup and before allowing replication to occur, you must perform an authoritative restore procedure. During the authoritative restore procedure, you mark the OU as authoritative and let the replication process restore it to all the other domain controllers in the domain. After an authoritative restore, you also restore group memberships, if necessary.

QUESTION 9Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2. You need to create multiple password policies for users in your domain. What should you do?

Answer: CExplanation:From the ADSI Edit snap-in, create multiple Password Setting objects.http://technet.microsoft.com/en-us/library/cc770842%28v=ws.10%29.aspxAD DS Fine-Grained Password and Account Lockout Policy Step-by-Step GuideIn Windows Server 2008, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain.To store fine-grained password policies, Windows Server 2008 includes two new object classes in the ActiveDirectory Domain Services (AD DS) schema:Password Settings ContainerPassword Settings The Password Settings Container (PSC) object class is created by default under the System container in the domain. It stores the Password Settings objects (PSOs) for that domain. You cannot rename, move, or delete this container.Steps to configure fine-grained password and account lockout policiesWhen the group structure of your organization is defined and implemented, you can configure and apply finegrained password and account lockout policies to users and global security groups. Configuring fine-grained password and account lockout policies involves the following steps:Step 1: Create a PSOStep 2: Apply PSOs to Users and Global Security Groups Step 3: Manage a PSOStep 4: View a Resultant PSO for a User or a Global Security Group http://technet.microsoft.com/en-us/library/cc754461%28v=ws.10%29.aspxStep 1: Create a PSOYou can create Password Settings objects (PSOs):Creating a PSO using the Active Directory module for Windows PowerShell Creating a PSO using ADSI EditCreating a PSO using ldifde

QUESTION 10You have a domain controller that runs Windows Server 2008 R2 and is configured as a DNS server. You need to record all inbound DNS queries to the server. What should you configure in the DNS Manager console?

Microsoft Official Exam Center New Released 70-640 Dumps Questions, Many New Questions added into it! Braindump2go Offer Free Sample Questions and Answers for Download Now! Visit Our Webiste, get the new updated Questions then pass Microsoft 70-640 at the first try!

2015 Free Download of Latest Microsoft 70-640 Practce Exam Questions from Braindump2go will help you have a 100% success of 70-640 real exam! All questions are the latest checked and released! Answers are 100% correct guaranteed! In order to increase your confidence, 100% Full Money Back Guarantee is promised by Braindump2go! Instant Download Now!

Microsoft Official Exam Center New Released 70-640 Dumps Questions, Many New Questions added into it! Braindump2go Offer Free Sample Questions and Answers for Download Now! Visit Our Webiste, get the new updated Questions then pass Microsoft 70-640 at the first try!

2015 Free Download of Latest Microsoft 70-640 Practce Exam Questions from Braindump2go will help you have a 100% success of 70-640 real exam! All questions are the latest checked and released! Answers are 100% correct guaranteed! In order to increase your confidence, 100% Full Money Back Guarantee is promised by Braindump2go! Instant Download Now!

Microsoft Official Exam Center New Released 70-640 Dumps Questions, Many New Questions added into it! Braindump2go Offer Free Sample Questions and Answers for Download Now! Visit Our Webiste, get the new updated Questions then pass Microsoft 70-640 at the first try!

2015 Free Download of Latest Microsoft 70-640 Practce Exam Questions from Braindump2go will help you have a 100% success of 70-640 real exam! All questions are the latest checked and released! Answers are 100% correct guaranteed! In order to increase your confidence, 100% Full Money Back Guarantee is promised by Braindump2go! Instant Download Now!

Microsoft Official Exam Center New Released 70-640 Dumps Questions, Many New Questions added into it! Braindump2go Offer Free Sample Questions and Answers for Download Now! Visit Our Webiste, get the new updated Questions then pass Microsoft 70-640 at the first try!